I am getting a CORS error from Google Search Console. My site is running on ‘www.example.com,’ and I am redirecting all ‘example.com’ requests to the ‘www.example.com’ domain. I am receiving the error from a Google Search Console script.

Access to XMLHttpRequest at 'https://exqample.com/g/collect?v=2&tid=G-15155CVSDDR&gtm=45je488f0z897690za200zb91156f57690&_p=1723208822196&gcd=13l3l1&npa=0&dma=0&tag_exp=0&cid=16187869.1718361724&ecid=41934950&ul=en-us&sr=1920x1080&_fplc=0&ur=IN-PB&uaa=x86&uab=64&uafvl=Not)A%25BBrand%3B99.0.0.0%7CGoogle%2520Chrome%3B127.0.533.72%7CChromium%3B127.0.6533.72&uamb=0&uam=&uap=Linux&uapv=6.5.0&uaw=0&are=1&frm=0&pscdl=noapi&sst.etld=google.co.in&sst.gcd=13l3l3l3l1&sst.tft=1723822196&sst.ude=0&_s=1&sid=17207332&sct=66&seg=1&dl=https%3A%2F%2Fwww.example.com' from origin 'https://www.exapmle.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Here is my Nginx Config

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    
    server_name example.com.com;

    # Redirect all traffic to the www version
    return 301 https://www.thegoodcontractorslist.com$request_uri;

    ssl_certificate      /file/path/combined.crt;
    ssl_certificate_key  /file/path/private.key;    
    
    location / {
        
        return 301 https://www.example.com.com$request_uri;
    }
}

server {

    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2;

    server_name www.example.com;
    
    root /var/www/html;
 
    ssl_certificate      /file/path/combined.crt;
        ssl_certificate_key  /file/path/private.key;   
    
    
        proxy_ssl_server_name on;
    
    if ( $host !~* ^(example.com|www.example.com)$ ) {
        return 444;
    }
    
    location / {
           proxy_pass http://127.0.0.1:3000;
           proxy_set_header X-Forwarded-Proto $scheme;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
    }

}

Here is my Gtag code that is writtem in next js

 <Script id="gtag-Tag-Manager" strategy="lazyOnload">
        {`
            (function(x,x,x,x,x){
              w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});
              var f=d.getElementsByTagName(s)[0],j=d.createElement(x),dl=l!='dataLayer'?'&l='+l:'';
              j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;
              f.parentNode.insertBefore(j,f);
            })(window,document,'script','dataLayer','GTM-xxxxxxxx');
          `}
      </Script>

I added headers in the Nginx configuration to fix the issue.

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    
    server_name example.com.com;

    # Redirect all traffic to the www version
    return 301 https://www.thegoodcontractorslist.com$request_uri;

    ssl_certificate      /file/path/combined.crt;
    ssl_certificate_key  /file/path/private.key; 
    
    location /g/ {
        add_header 'Access-Control-Allow-Origin' 'https://www.thegoodcontractorslist.com';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Origin, Authorization, X-Requested-With, Content-Type, Accept';
        add_header 'Access-Control-Allow-Credentials' 'true';  # Allow credentials

        if ($request_method = OPTIONS) {
            return 204;
        }
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header X-Forwarded-Proto $scheme;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
  
    }
    
    location / {
        
        return 301 https://www.example.com.com$request_uri;
    }
}

But I’m still getting the same error.